Non Intrusive Wi-Fi CSI Obfuscation Against Active Localization Attacks
Channel State Information (CSI) based localization with 802.11 has been proven feasible in multiple scenarios and is becoming a serious threat to people's privacy in work spaces, at home, and maybe even outdoors, even if outdoor experiments proving the feasibility are still not available. Countering unauthorized localization without hampering communications is a nontrivial task, although some very recent works suggest that it is feasible with marginal modification of the 802.11 transmission chain, but this requires modifying 802.11 devices. Furthermore, if the attacker controls two devices and not only a receiver, transmission side signal manipulation cannot help. This work explores the possibility of countering CSI based localization with an active device that, instead of jamming signals to avoid that a malicious receiver exploits CSI information to locate a person, superimposes on frames a copy of the same frame signal whose goal is not destroying reception as in jamming, but only obfuscate the location relevant information carried by the CSI. A prototype implementation and early results look promising; they show feasibility of location obfuscation with high efficiency and excellent preservation of communication performance, paving the road for further research and improved users' privacy
Exposing the CSI: A Systematic Investigation of CSI-based Wi-Fi Sensing Capabilities and Limitations
Thanks to the ubiquitous deployment of Wi-Fi hotspots, channel state information (CSI)-based Wi-Fi sensing can unleash game-changing applications in many fields, such as healthcare, security, and entertainment. However, despite one decade of active research on Wi-Fi sensing, most existing work only considers legacy IEEE 802.11n devices, often in particular and strictly-controlled environments. Worse yet, there is a fundamental lack of understanding of the impact on CSI-based sensing of modern Wi-Fi features, such as 160-MHz bandwidth, multiple-input multiple-output (MIMO) transmissions, and increased spectral resolution in IEEE 802.11ax (Wi-Fi 6). This work aims to shed light on the impact of Wi-Fi 6 features on the sensing performance and to create a benchmark for future research on Wi-Fi sensing. To this end, we perform an extensive CSI data collection campaign involving 3 individuals, 3 environments, and 12 activities, using Wi-Fi 6 signals. An anonymized ground truth obtained through video recording accompanies our 80-GB dataset, which contains almost two hours of CSI data from three collectors. We leverage our dataset to dissect the performance of a state-of-the-art sensing framework across different environments and individuals. Our key findings suggest that (i) MIMO transmissions and higher spectral resolution might be more beneficial than larger bandwidth for sensing applications; (ii) there is a pressing need to standardize research on Wi-Fi sensing because the path towards a truly environment-independent framework is still uncertain. To ease the experiments' replicability and address the current lack of Wi-Fi 6 CSI datasets, we release our 80-GB dataset to the community
AntiSense: Standard-compliant CSI obfuscation against unauthorized Wi-Fi sensing
Channel State Information (CSI)-based localization with 802.11 has been proven feasible in multiple scenarios and is becoming a serious threat to people's privacy in workplaces, at home, and maybe even outdoors. Countering unauthorized localization without hampering communications is a non-trivial task, although some very recent works suggest that it is feasible with marginal modification of the 802.11 transmission chain, but this requires modifying 802.11 devices. Furthermore, if the attacker controls two devices and not just a receiver, transmission side signal manipulation cannot help. This work explores the possibility of countering CSI based localization with an active device that, instead of jamming signals to avoid that a malicious receiver exploits CSI information to locate a person, superimposes on frames a copy of the same frame signal whose goal is not destroying reception as in jamming, but only obfuscate the location-relevant information carried by the CSI. A prototype implementation and early results look promising; they show the feasibility of location obfuscation with high efficiency and excellent preservation of communication performance, and indicate that the technique works both against passive attacks, where the attacker controls only a receiver, and active ones, where he/she controls both a transmitter and a receiver. These results pave the road for further research on smart spaces that preserve users’ privacy with a technical solution and not only via legal prescriptions
Dead on arrival: An empirical study of the Bluetooth 5.1 positioning system
The recently released Bluetooth 5.1 specification introduces fine-grained positioning capabilities in this wireless technology, which is deemed essential to context-/location-based Internet of Things (IoT) applications. In this paper, we evaluate experimentally, for the first time, the accuracy of a positioning system based on the Angle of Arrival (AoA) mechanism adopted by the Bluetooth standard. We first scrutinize the fidelity of angular detection and then assess the feasibility of using angle information from multiple fixed receivers to determine the position of a device. Our results reveal that angular detection is limited to a restricted range. On the other hand, even in a simple deployment with only two antennas per receiver, the AoA-based positioning technique can achieve sub-meter accuracy; yet attaining localization within a few centimeters remains a difficult endeavor. We then demonstrate that a malicious device may be able to easily alter the truthfulness of the measured AoA, by tampering with the packet structure. To counter this protocol weakness, we propose simple remedies that are missing in the standard, but which can be adopted with little effort by manufacturers, to secure the Bluetooth 5.1 positioning system
One GPU to Snoop Them All: A Full-Band Bluetooth Low Energy Sniffer
Sniffing Bluetooth data sessions is considered a difficult task, because of the frequency-hopping channel access scheme this technology implements. In this paper we present a novel open-source sniffer that can monitor Bluetooth Low Energy (BLE) traffic on all channels in real time. The sniffer builds on a Software-Defined Radio (SDR) framework to capture the entire BLE spectrum and exploits Graphics Processing Unit (GPU) capabilities to channelize and process BLE traffic in real time. We show that our sniffer can easily and reliably detect active BLE connections, and infer their properties, including Access Address, CRC values and hopping sequences. From a general standpoint, we show that tracking many BLE data sessions at the same time becomes feasible even with relatively inexpensive equipment, as we are able to discover up to 24 simultaneous sessions within 80 ms on average
On the properties of device-free multi-point CSI localization and its obfuscation
The use of Channel State Information (CSI) as a means of sensing the environment through Wi-Fi communications, and in particular to locate the position of unaware people, was proven feasible several years ago and now it is moving from feasibility studies to high precision applications, thus posing a serious threat to people's privacy in workplaces, at home, and maybe even outdoors. The work we present in this paper explores how the use of multiple localization receivers can enhance the precision and robustness of device-free CSI-based localization with a method based on a state-of-the-art Convolutional Neural Network. Furthermore, we explore the effect of the inter-antenna distance on localization, both with multiple receivers and with a single MIMO receiver. Next we discuss how a randomized pre-filtering at the transmitter can hide the information that the CSI carries on the location of one person indoor. We formalize the pre-filtering as a per-frame, per-subcarrier amplitude multiplication based on a Markovian stochastic process, and we discuss different signal clipping and smoothing methods highlighting the existence of a trade-off between communication performance and obfuscation efficiency. The methodology can in any case guarantee almost unhampered communications with very good localization obfuscation. Results are presented discussing two different ways of exploiting the multi-receiver or multi-antenna redundancy and how, in any case, properly randomized pre-distortion at the transmitter can prevent localization even if the attack is carried out with multiple localization devices (receivers controlled by the attacker) and not only with a multi-antenna (MIMO) receiver
Passive device-free multi-point CSI localization and its obfuscation with randomized filtering
The use of Channel State Information (CSI) as a means of sensing the environment through Wi-Fi communications, and in particular to locate the position of unaware people, is moving from feasibility studies to high precision applications. The work we present in this paper explores how the use of multiple localization receivers can enhance the precision and robustness of device-free CSI-based localization with a method based on a state-of-the-art Convolutional Neural Network. Next we discuss how a randomized pre-filtering at the transmitter can hide the information that the CSI carries on the location of one person indoor formalizing the manipulation technique. Results are presented discussing two different ways of exploiting the multi-receiver redundancy and how, in any case, properly randomized pre-distortion at the transmitter can prevent localization even if the attack is carried out with multiple localization devices (receivers controlled by the attacker)
Even black cats cannot stay hidden in the dark: Full-band de-anonymization of bluetooth classic devices
Bluetooth Classic (BT) remains the de facto connectivity technology in car stereo systems, wireless headsets, laptops, and a plethora of wearables, especially for applications that require high data rates, such as audio streaming, voice calling, tethering, etc. Unlike in Bluetooth Low Energy (BLE), where address randomization is a feature available to manufacturers, BT addresses are not randomized because they are largely believed to be immune to tracking attacks. We analyze the design of BT and devise a robust de-anonymization technique that hinges on the apparently benign information leaking from frame encoding, to infer a piconet's clock, hopping sequence, and ultimately the Upper Address Part (UAP) of the master device's physical address, which are never exchanged in clear. Used together with the Lower Address Part (LAP), which is present in all frames transmitted, this enables tracking of the piconet master, thereby debunking the privacy guarantees of BT. We validate this attack by developing the first Software-defined Radio (SDR) based sniffer that allows full BT spectrum analysis (79 MHz) and implements the proposed de-anonymization technique. We study the feasibility of privacy attacks with multiple testbeds, considering different numbers of devices, traffic regimes, and communication ranges. We demonstrate that it is possible to track BT devices up to 85 meters from the sniffer, and achieve more than 80% device identification accuracy within less than 1 second of sniffing and 100% detection within less than 4 seconds. Lastly, we study the identified privacy attack in the wild, capturing BT traffic at a road junction over 5 days, demonstrating that our system can re-identify hundreds of users and infer their commuting patterns
Integrating CSI Sensing in Wireless Networks: Challenges to Privacy and Countermeasures
The path toward 6G is still long and blurred, but a few key points seem to be already decided: integration of many different access networks; adoption of massive MIMO technologies; use of frequencies above current radio spectrum up to THz and beyond; and inclusion of artificial intelligence and machine learning in standard management and operations. One additional point that is less discussed, but seems key for success, is the advanced use of channel state information (CSI) for both equalization and decoding purposes as well as for sensing ones. CSI-based sensing promises a plethora of new applications and a quantum leap in service personalization and customer-centric network management. At the same time, CSI analysis, being based on the physical characteristics of the propagated signal, poses novel threats to people's privacy and security: No software-based solution or cryptographic method above the physical layer can prevent the analysis of CSI. CSI analysis can reveal people's position or activity, allow tracking them, and discover details on the environment that today can be seen only with cameras or radars. In this article, we discuss the current status of CSI-based sensing and present some technologies that can protect people's privacy and at the same time allow legitimate use of the information carried by the CSI to offer better services
AX-CSI: Enabling CSI Extraction on Commercial 802.11ax Wi-Fi Platforms
Channel state information (CSI) is paramount to modern Wi-Fi communication systems, as it allows for proper equalization of frames at the receiver side and enables advanced signal processing techniques such as beamforming and MIMO. Given that the CSI can accurately mirror physical changes in the wireless channel, CSI analysis has become a valuable resource to many wireless sensing applications based on the opportunistic use of Wi-Fi signals. Since CSI can usually not be accessed by users directly, several CSI extraction tools have been published over the last few years for various Wi-Fi chipsets. In this paper, we present the first system ever capable of extracting CSI from 802.11ax consumer devices using the Broadcom 43684 Wi-Fi chipset. This platform can extract up to 160 MHz-wide CSI using 4x4 MIMO, and it is compatible with the latest HE PHY. We make our CSI extraction tool available to the research community to foster further work on this emerging topic
